Back to Course

Security Orchestration, Automation & Response (SOAR)

0% Complete
0/43 Steps
  1. SOAR Playbooks
    27 Topics
  2. SOAR Platform
  3. Configuration Refresh
  4. Vulnerability Management
  5. Issue Management
  6. SOC Program Management
  7. Incident Response
  8. Air-Gapped Implementation
  9. Non-Functional Requirements (NFR)
  10. Business Case for SOAR
  11. Functional Requirements
  12. Technical Building Blocks
  13. Operational Building Blocks
  14. Platform Maintenance
  15. Threat Hunting
  16. SOAR Vendors

Participants3

Lesson Progress
0% Complete

Detect/Analyze
Quantify the DoS attack and traffic
Review OS and application logs
Research current attack intelligence and recent vulnerabilities
Update internal management team as appropriate (assessment)

Respond
Contact your ISP
Notify legal counsel of any illegal or inappropriate activity
Contact owners of systems being used to mount the DoS attack
Notify constituents (status update)
Notify external parties as appropriate
Notify law enforcement
Throttle or block DoS traffic
Terminate unwanted DoS connections or processes
Switch to alternate sites or networks
Configure egress filters
Harden and/or patch all other vulnerable systems
Remove temporary containment measures
Notify computer security organizations and resources
Notify HR
Notify public relations department
Review and respond to contractual obligations related to intrusion or loss of service

Post-Incident
Notify internal management chain (resolution)
Notify constituents (resolution)
Properly dispose of incident information
Post-incident review
Generate incident report
Update policies and procedures
PHASE Detect/Analyze
Quantify the DoS attack and traffic
Review OS and application logs
Research current attack intelligence and recent vulnerabilities
Update internal management team as appropriate (assessment)

Complete

Initial